VDB
GCVE-VVD-NCSC-2025-381
GCVE-VVD-NCSC-2025-381
Advisory PublishedCVSS 3.5/10
A vulnerability in specific versions of Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to create a views dashboard with a custom background, potentially leading to unvalidated redirects to malicious external sites.
Weaknesses (CWE)
CWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-117Improper Output Neutralization for LogsCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-732Incorrect Permission Assignment for Critical ResourceCWE-918Server-Side Request Forgery (SSRF)CWE-20Improper Input Validation
Risk Scores
CVSS 3.1
3.5/10
Low · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Splunk | vers:unknown/* | — | — |
Aliases
CVE-2025-20389CVE-2025-20383CVE-2025-20385CVE-2025-20384CVE-2025-20388CVE-2025-20382CVE-2025-20386CVE-2025-20387
Transitive aliases
VVD-CISA-2025-20385BDU:2025-16296BDU:2025-16295GHSA-49x5-pp3j-h44fGHSA-qw76-cw53-c7qxEUVD-2025-200997GHSA-2x78-c45h-phqxEUVD-2025-201002VVD-CISA-2025-20383GHSA-c3c6-ggqg-7crvBDU:2025-16301BDU:2025-16299VVD-CISA-2025-20389BDU:2025-16300EUVD-2025-200995GHSA-3vhx-c2qq-56q5BDU:2025-16297VVD-CISA-2025-20388VVD-CISA-2025-20384EUVD-2025-201004GHSA-9f8g-g258-v49cVVD-CISA-2025-20386GHSA-3fqq-36h4-cgvcEUVD-2025-200992BDU:2025-16302VVD-CISA-2025-20387VVD-CISA-2025-20382BDU:2025-16294GHSA-99hp-3vr6-f5r2EUVD-2025-201001EUVD-2025-200996EUVD-2025-201003
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.